Computer security is dependent upon controlling user access to data within computer systems. To provide such control, the system must incorporate security measures, known as identification and authentication (I&A) mechanisms, to reliably authenticate user identity. One of the basic types of I&A mechanisms is called authentication by ownership. Password tokens, that is, hand-held electronic devices, such as smart cards, that generate session-unique passwords, are an example of an authentication-by-ownership I&A mechanism. One effective password token scheme calls for the host computer, at user log-in, to generate and display a message known as a challenge. The user manually keys the challenge into the token. The token processes the input challenge, using a cryptographic process, and generates and displays a session-unique password (known as a response) to be manually keyed into the host by the user. Upon correct response input, the user is granted access by the host security system.
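The challenge-response exchange described above, written out as an added example (not code from any of the patents discussed): the host issues a short random challenge, the token derives a session-unique response from it under a shared secret, and the host checks the response once and discards the challenge. HMAC-SHA256 and the eight-digit challenge and response lengths are assumptions standing in for the unspecified "cryptographic process" and the manually keyed string sizes.

```python
import hashlib
import hmac
import secrets

# Constructed parameters: strings short enough to be keyed by hand into a token.
CHALLENGE_DIGITS = 8
RESPONSE_DIGITS = 8


def new_challenge() -> str:
    """Host side: a fresh random challenge, generated per log-in and never reused."""
    return "".join(str(secrets.randbelow(10)) for _ in range(CHALLENGE_DIGITS))


def token_response(token_secret: bytes, challenge: str) -> str:
    """Token side: keyed hash of the challenge, reduced to a digit string the user can key in.

    HMAC-SHA256 is an assumed stand-in for the token's cryptographic process; the
    truncation to RESPONSE_DIGITS is what makes the response short enough to type.
    """
    mac = hmac.new(token_secret, challenge.encode(), hashlib.sha256).digest()
    value = int.from_bytes(mac[:8], "big") % 10 ** RESPONSE_DIGITS
    return str(value).zfill(RESPONSE_DIGITS)


class Host:
    """Host security system holding each user's token secret and outstanding challenge."""

    def __init__(self, registry: dict):
        self.registry = registry   # user id -> token secret shared with that user's token
        self.pending = {}          # user id -> challenge displayed but not yet answered

    def login_start(self, user: str) -> str:
        challenge = new_challenge()
        self.pending[user] = challenge
        return challenge           # displayed on the terminal for the user to key in

    def login_finish(self, user: str, response: str) -> bool:
        # The challenge is consumed on first use, so a replayed response is rejected.
        challenge = self.pending.pop(user, None)
        if challenge is None or user not in self.registry:
            return False
        expected = token_response(self.registry[user], challenge)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    secret = b"constructed-token-secret"          # constructed, provisioned into token and host
    host = Host({"alice": secret})
    challenge = host.login_start("alice")          # host displays challenge
    response = token_response(secret, challenge)   # user keys challenge into token, reads response
    print("challenge", challenge, "response", response, "granted", host.login_finish("alice", response))
```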
For example, U.S. Pat. No. 4,890,323 to Beker et al. discloses a method of secure message transmission from a terminal apparatus to a remote receiving station in a communications system which involves appending an authentication code to a transmitted message. The authentication code is dependent upon the contents of the associated message and contains information representing the identity of the sender of the message. The authentication code is generated based on a cryptographic key, but the transmitted message itself is not encrypted. The information representing the identity of the sender is located in a token assigned to a particular user. The token can only be accessed upon entering a correct personal identification number. The user reads a sequence of numbers representing a first part of the authentication code on the terminal display and enters this sequence of numbers into the token. The token responds with a second sequence of numbers, which the user keys into the terminal apparatus. The first and second sequences of numbers are combined within the terminal apparatus to form the authentication code.
The main disadvantage of this and other existing challenge-response tokens is their manually keyed challenge data input scheme. This cumbersome scheme necessarily limits the amount of input data keyed into the token to short manageable strings. The inputting of long cryptographic variables and remote token programming (such as performing administrative updates) are unmanageable tasks.
U.S. Pat. No. 5,060,263 to Bosen et al. discloses an electronic access control system for a computer utilizing a password issuing device. An access control program resident in the computer generates a challenge to the user, and the user responds by using the challenge value to generate a password that is an encrypted version of the previous password. The challenge is displayed on the screen of the computer terminal. The user enters the challenge value into the password issuing device using a keyboard. The password issuing device displays the new password, which the user enters into the computer using the computer keyboard. If the entered password is validated by the computer, the user is allowed access to the system. No encryption of data resident in the computer is disclosed. The challenge length is kept to a minimum in this system by having each digit of the challenge represent an encryption algorithm resident in the password issuing device, so that multiple levels of password encryption can occur as a result of a challenge of a few digits. However, the resulting password must still be kept to a minimum length in order to be entered into the computer.
Some security system designers have specified the use of expensive peripheral token readers to overcome the problem of entering lengthy challenges.
For example, U.S. Pat. No. 4,910,775 and U.S. Pat. No. 5,136,644, both to Audebert et al., disclose a portable electronic device that can be used to authorize access to a data processing system via a terminal. The data processing system displays data on the terminal which may be keyed into the electronic device, or which the electronic device may read using phototransistors located on one edge surface of the device. The electronic device displays a code in response to the input data, and the user keys this code into the data processing system, which will then allow or deny access to the system based on the code. No data is encrypted. A user must perform an identification function prior to operating the electronic device. The devices are only contemplated for use in optically reading data from the terminal display when the data is kept to a minimum. When longer data strings are used, a peripheral device is required in order for the electronic device to read the data.
Access control systems currently in use function as password schemes to allow or deny access to a computer, but do not utilize the cryptographic capabilities of the system to encrypt and decrypt files stored on the computer.
U.S. Pat. No. 4,599,489 to Cargile discloses a semiconductor device that functions to control access to a software program resident in a computer. The device generates a password that depends on a real-time signal. The user reads the password, which is displayed on the key device, and enters the password into the computer. A stimulus number may be generated by the computer and provided to the key to initiate the password generation process. The stimulus number may be transmitted to the key by selectively exciting portions of the computer display, the patterns of which are read by photo-sensors on the key. The Cargile patent discloses a system for providing password protection for software programs, but the disclosed system does not perform any encryption or decryption function. The fact that the generated password is based on the real-time-of-day signal instead of a random signal makes the system too easily corruptible.